package chaoyue.study.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @PreAuthorize("hasAnyAuthority('normal')")
    @GetMapping("hello")
    public String hello() {
        return "hello";
    }

    @PreAuthorize("hasAnyAuthority('vip')")
    @GetMapping("vip")
    public String vip() {
        return "VIP!!!!";
    }

    /**
     * 使用自定义的权限表达式解析器来判断权限
     */
    @PreAuthorize("@myAuthChecker.check('vip')")
    @GetMapping("myChecker")
    public String myChecker() {
        return "MyChecker!!!";
    }
}
